[cfe-dev] vprintf(3) and "format string is not a string literal"
Shantonu Sen
ssen at apple.com
Sun Dec 16 20:03:55 PST 2007
I don't understand the following warning:
$ cat a.c
#include <stdarg.h>
#include <stdio.h>
int logmessage(int loglevel, char const *fmt, ...) {
int ret = 0;
va_list ap;
if (loglevel > 1) {
va_start(ap, fmt);
ret = vprintf(fmt, ap);
va_end(ap);
}
return ret;
}
$ clang -std=c99 a.c
a.c:10:23: warning: format string is not a string literal (potentially
insecure)
ret = vprintf(fmt, ap);
~~~~~~~ ^
1 diagnostic generated.
This seems counter-intuitive to the point of the vprintf(3) API, which
is to pass the format string and arguments from its caller
(logmessage()) in this case. When would vprintf(3) ever realistically
be called with a string literal? There seems to be test cases and
explicit code for this, so I'm guessing this is intentional, but I
don't quite understand why...
Shantonu Sen
ssen at apple.com
More information about the cfe-dev
mailing list